Method and system for electronic delivery of sensitive information

ABSTRACT

A method and related system obtains consent from a user for electronic delivery of sensitive information. The user operating a first computer accesses a web page on a server system to input the consent. The web page prompts for the consent from the user. Once the consent is received at the server system, the consent is stored and sensitive information is delivered electronically to an e-mail address specified by the user. Once consent is indicated, it is communicated from the individual&#39;s computer to another computer such as a server over, for example, a modem connection. Having secured the individual&#39;s consent, the additional sensitive information may be delivered to the individual&#39;s computer as, for example, a URL attachment to an email message.

RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/107,379, filed Dec. 16, 2013, which is a continuation of U.S. patentapplication Ser. No. 13/026,498, filed Feb. 14, 2011, now U.S. Pat. No.8,612,322, which is a continuation of U.S. patent application Ser. No.11/827,247, filed Jul. 11, 2007, now U.S. Pat. No. 7,890,401, which is acontinuation of U.S. patent application Ser. No. 11/319,931, filed Dec.28, 2005, now U.S. Pat. No. 7,363,489, which is a continuation of U.S.patent application Ser. No. 09/989,240 filed Nov. 20, 2011, now U.S.Pat. No. 7,028,190, which is a continuation-in-part of U.S. patentapplication Ser. No. 09/023,039, filed Feb. 12, 1998, now U.S. Pat. No.6,782,506, which are incorporated herein by reference in their entiretyfor all purposes.

FILED

This invention relates to obtaining consent from a user to theelectronic delivery of sensitive information.

BACKGROUND INFORMATION

Many government agencies, regulatory bodies or private organizationsrequire that individuals be provided with certain information atspecific times. For example, the Securities and Exchange Commission(SEC) requires that certain individuals, such as prospective andexisting investors, be delivered specific information about investmentvehicles such as, for example, mutual funds. In the context of aprospective investor planning to invest in a particular mutual fund, forexample, a mutual fund prospectus must be shown to have been deliveredto the prospective investor in such a way that the prospective investorwas provided with adequate notice of and access to the prospectus inaccordance with SEC regulations. These delivery, notice and accessrequirements may be met, for example, by sending a copy of theprospectus to the prospective investor via the U.S. Postal Service.Similarly, other organizations have requirements that mandate similarinformation disclosure under an analogous procedure.

Delivering information on paper with hard copies of documents requiredto be sent to individuals (e.g., “sticker updates” to mutual fundprospectuses) is a time consuming and costly endeavor for companies andorganizations. Printing and mailing costs alone can amount to millionsof dollars per year.

Recently, certain organizations have begun to indicate that documentscontaining sensitive information may be distributed in electronic formatwith the caveat that any electronic delivery must meet at least theorganization's electronic delivery requirements.

Furthermore, Congress has passed, and the President has signed into lawthe Electronic Signatures in Global and National Commerce Act (ESIGN)giving legal validity to documents executed by electronic means thatmeet certain requirements. ESIGN further outlines standards forobtaining consent from a consumer for the electronic delivery ofdocuments required to be provided to a consumer in writing.

SUMMARY OF THE INVENTION

One embodiment of the invention is directed to a method of obtainingconsent to electronically send sensitive information to a user. Themethod includes: electronically providing computer-executableinstructions for obtaining consent from the individual for subsequentcomputer-aided delivery of the sensitive information to the individual;prompting, by execution of the instructions on a first computer, theindividual for consent to the subsequent computer-aided delivery of thesensitive information to the individual; communicating the individual'sconsent from the first computer to a second computer, the secondcomputer connected to the first computer over a network; andtransmitting the sensitive information from the second computer to thefirst computer.

Another embodiment of the invention is directed to a system forobtaining consent to electronically send sensitive information to auser. The system includes a server that is programmed to: send thecommunication to a user, the communication including instructions for auser to consent to electronic delivery of sensitive information; receiveconsent from the user; store the received consent; and cause sensitiveinformation to be sent to the user.

Another embodiment of the invention is directed to a computer programincluding: a computer readable medium; computer program instructions onthe computer readable medium, the program instructions, when executed bya computer, direct the computer to perform a method of obtaining consentto electronically send sensitive information to a user, the methodcomprising: requesting the consent from the user; receiving the consentfrom the user; and storing the received consent.

A further embodiment of the invention is directed to acomputer-implemented method of obtaining consent for electronic deliveryof sensitive information, the method comprising: identifying the user;obtaining the user's consent to receive sensitive information inelectronic format; determining whether the user is capable of receivingsensitive information in electronic format; and providing the user withaccess to sensitive information in electronic format.

The application includes still further embodiments of the invention asdefined by the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, like reference characters generally refer to the sameparts throughout the different views.

FIG. 1A is a diagram of the physical delivery of sensitive informationin a computer-readable format to an individual;

FIG. 1B is a diagram showing access of the sensitive information by acomputer operated by the individual and showing consent being providedelectronically from the individual's computer to another computer suchas a server;

FIG. 1C is a flowchart of steps involved in obtaining consent from theindividual using the structures of FIGS. 1A and 1B according to anembodiment of the described method;

FIG. 2 is a block diagram of a general purpose computer according to theprior art for use with the method;

FIG. 3 is a diagram representing one embodiment of a method for a userto access sensitive information;

FIG. 4A is a flowchart of steps involved in obtaining consent from theuser using the structure of FIG. 3 according to another embodiment ofthe method;

FIG. 4B is a flowchart of steps involved in obtaining consent from theuser using the structure of FIG. 3 according to another embodiment ofthe method;

FIG. 5 is a flowchart of steps involved in obtaining consent from theuser using the structure of FIG. 3 according to another aspect of theembodiment method;

FIG. 6 is a diagram showing a format of a URL pointing to sensitiveinformation; and

FIG. 7 is a diagram showing a format for a signal representing an e-mailmessage with the URL of FIG. 6 attached;

FIG. 8 is a flowchart of steps involved in a user requesting a link tospecific sensitive information according to another embodiment of themethod.

DESCRIPTION

As used herein, the term “sensitive information” is intended to mean anyinformation or data that government regulators or other organizationsrequire or suggest be provided to certain individuals. There may also bea requirement that this information be provided in a certain manner orwith certain restrictions. Government regulators may include, forexample, the SEC, similar state or national entities in the U.S. orabroad, e.g., the National Association of Securities Dealers (NASD),state securities commissioners, state insurance commissioners, etc.

Other organizations may include, for example, lending institutions,medical offices, insurance companies, and educational institutions.These or other organizations may require that consent be obtained from auser before certain sensitive information may be sent to the userelectronically. Examples of this kind of sensitive information mayinclude investment information, credit card information, tax documents,contracts, mortgage documents, medical documents, etc.

One method of delivering sensitive information electronically includessending the sensitive information to the user on a computer readablestorage device. Referring to FIG. 1A, a computer-readable storage device10 is sent via a delivery service 12 to a user 14. As an alternative tothe delivery service 12, the user 14 may directly receive the device 10by in-person hand delivery. The device 10 may be any computer-readabledata storage unit such as a computer diskette, a CD, or a memory card.In one aspect of the present invention, the device 10 is a 3.5 inchcomputer diskette. The device 10 may contain sensitive information in aformat that is readable by a computer. In addition to the sensitiveinformation, the device 10 also may contain computer-executableinstructions (software) for causing the computer to prompt the user 14for consent to the electronic delivery of additional information to theuser 14 and for causing the computer to forward the consent to anothercomputer. The device 10 may also contain instructions for causing thecomputer to prompt the user 14 for the user's interest in possiblyreceiving future information electronically. The computer may alsoforward the user's response to another computer.

The delivery service 12 may be any of a variety of services thatphysically deliver packages and letters from one location to anotherincluding the U.S. Postal Service, United Parcel Service, or FederalExpress. As mentioned previously, the delivery may also be accomplishedin person.

Referring to FIG. 1B, with the device 10 in hand, the user 14 can loadit into a computer 16. The computer 16 may read the information storedon the device 10 and display it to the user 14. While it is possible forthe computer 16 to use any of a variety of text editors, wordprocessors, browsers, or other software to display the complianceinformation on the device 10 to the individual, in one example thecomputer 16 uses “micro browser” software stored on the device 10 alongwith the compliance information. The micro browser software allows theuser 14 at the computer 16 to review and/or search the information. Themicro browser may provide a variety of useful features to the user 14reviewing the information including hypertext links to other informationand/or to sites on the World Wide Web.

In addition to the micro browser, or as part of the micro browsersoftware, software on the device 10 may be loaded into the computer 16and executed on the computer 16 to prompt the individual 14 for his orher consent to the electronic delivery of additional sensitiveinformation. The electronic delivery of sensitive information also couldbe a computer notification of the existence of additional sensitiveinformation. Once the individual 14 responds to the prompt and indicateshis or her consent, the software causes the computer 16 to communicatethat consent electronically over a computer communications link 18,e.g., a computer network such as the Internet, or the telephone system,to another computer 20.

The computer communications link 18 between the individual's computer 16and the other computer 20 is depicted as a “cloud” in FIG. 1B toindicate that it may be any of a variety of mediums over which twocomputers may transfer data. In the example, the other computer 20 is aserver that receives and logs the consent sent from the individual'scomputer 16. The other computer 20 may be maintained by, for example,the sender or originator of the information stored by the device 10 orthe other computer 20 may be a system on which multiple sensitiveinformation documents are stored along with records of individuals'consents. This logging computer 20 would then be a clearinghouse forinformation and consent storage. The originator of the information (e.g.a financial institution) may be different from the sender of theinformation (e.g. an information clearinghouse).

The user may be someone who needs sensitive information (such as thepotential purchaser of a security) and has a personal computer(individual's computer 16). The other computer 20 may be a servermaintained by an entity who distributes sensitive information (such as aclearing house who has a contract with financial institutions to publishsecurity information, or the financial institution itself). If the usergives consent then the entity (on behalf of the financial institution)gives the user access to the sensitive information electronically.

The logging computer 20 may implement a sensitive information andconsent database with a relational database accessed by SQL. Any one ofa number of commercially available relational databases and languagescan be used, for example, Microsoft SQL Server 7.0. As is known, arelational database implements a number of tables that arecross-referenced by one or more indices. One example of this type ofdatabase is Oracle 8i.

The scope of the consent requested of the user 14 may vary. The range ofrequested consent varies depending on, for example, the type ofinformation stored by the device 10 and the sender or originator of theparticular information. The user may be requested, for example, toconsent to the electronic delivery of all information from theparticular sender or originator, to consent to the electronic deliveryof only certain categories of information from a particular sender ororiginator, or to consent to electronic delivery of just one particularpiece of information. Also, the scope of the consent may be broad enoughto cover the electronic delivery of information from more than onesender or originator.

Whatever the specific consent requested and given and then communicatedto the other computer 20, the user 14 will then sometime in the futurereceive, by electronic delivery, the additional information. Theinformation may be sent from the other computer 20 to the user'scomputer 16 as a file attachment to an email message. A notificationalso may be sent from the other computer 20 to the user's computer 16 asan email message having the address (Uniform Resource Locator or URL) ofa Web page on the World Wide Web where the information is posted. A URLis a standard way that has been developed to specify the location of aresource that is available electronically. A URL is most commonly usedwhen using a World Wide Web (WWW) client to link to WWW pages. The firstpart of the URL identifies the protocol that is being used. Typically,in WWW applications, HyperText Transfer Protocol (HTTP) is used. Inaddition, one application of a URL is a hyperlink. A hyperlink is anelement in an electronic document that links to another place in thesame document or to an entirely different document. Typically, a userclicks on the hyperlink to follow the link. This email message can alsoinclude a note to the user 14 that he or she should view the informationby a certain date.

What is sent to the user may be the link on which the user can click togo to the web page that has the sensitive information. The sensitiveinformation may also be stored on the server of a company that hosts theinformation, for example a company which distributes complianceinformation (e.g., mutual fund prospectuses) for financial institutions.

Thus, in accordance with at least one example of the present invention,physical delivery of the diskette 10 to the user 14 may be used as amechanism to obtain consent from the user 14 for future electronicdelivery of at least some additional sensitive information.

The device 10 may include sensitive information and the softwarenecessary to at least obtain consent from the user 14 via the computer16 and then communicate the obtained consent to the other computer 20.The software on the device 10 may also include the micro browser thatmay be executed on the user's computer 16 to cause it at least todisplay the sensitive information and the additional sensitiveinformation after that is received at the user's computer 16 pursuant tothe consent given by the user 14. The methods of makingcomputer-readable storage devices are well known and thus are notdescribed herein. Also, the technology to store software and datagenerally on such devices is available and thus is not described herein.

Referring to FIG. 1C, at least one aspect of the invention relates to amethod 28 having the general steps of providing information to theuser's computer 16 (step 22), obtaining the user 14 to consent to theelectronic delivery of additional sensitive information (step 24), andacting on that consent once given (step 26). More particularly, in thisaspect, the method 28 involves sending the diskette 10 to the user 14(step 30) which is received by the user 14 (step 32) and inserted intohis or her computer 16 (step 34).

In further embodiment step 24 occurs before step 22. In this embodimenta user is first prompted for consent to electronic delivery 36 beforeany electronic delivery 22 takes place. In this embodiment the loggingof the consent 40 may at anytime in relation to step 22.

In another example of the present invention, the user 14 does notreceive the information and/or software stored on a physical device 10but instead uses his or her computer 16 to download the complianceinformation and/or software from a source. The source may be the othercomputer 20 or a different computer such as a server on the Internet.

Where the user 14 is not provided with a computer readable medium, thesensitive information maybe downloaded over a connection to the othercomputer 20 or a server. There are many different protocols known forthe transferring of information from one computer to another, e.g., FTTPor HTTP, and any protocol may be used to implement this aspect of thepresent invention. Similarly, the micro browser software and the consentcollection software may also be downloaded in this manner. Oncedownloaded to the computer 16, the user 14 may execute the micro browserto view the information and then execute the consent collection softwareto provide his or her consent to receiving subsequent informationelectronically.

In another aspect of the present invention, the user 14 may operate thecomputer 16 to access a website server 300, as shown in FIG. 3. Theinvestor's computer 16 accesses the network 18 through a communicationschannel 290 that may be, for example, a dial up connection, cable modemaccess or even wireless. The access would be through the communicationsnetwork 18, e.g., the Internet, as shown conceptually by a dotted line302. The website server 300, connected to the network 18 via acommunications channel 292, would then present to the user 14 on theindividual's computer 16 a web page, typically an HTML document, for theuser 14 to complete and provide consent to the electronic delivery ofadditional compliance information, as will be discussed below. In otherwords, the user 14, using browser software, e.g., Microsoft InternetExplorer or Netscape Navigator, accesses a web page on the websiteserver 300. After the website server 300 has received the completedconsent information from the user 14, the received consent informationis transmitted to the logging computer 20 through the communicationsnetwork 18 via a communications channel 294. Of course, thecommunications channels 292, 294 would have bandwidth capacitiessufficient to handle the amount of data traffic present on such servers.This communication between the website server 300 and the loggingcomputer 20 is shown conceptually by the dotted line 304.

It should be noted that the broker/dealer web site server 300 and thelogging computer 20 may be physically located near each other or operatein separate locations. Further, the logging computer 20 may be under themanagement of an entity separate from the website server. Still further,the logging computer 20 may be on a local area network (LAN) incommunication with the web site server 300. In addition, the functionsof the web site server 300 and the logging computer 20 may be suppliedby a single server system having access to multiple databases. Also, theuser's computer 16 may be a public terminal or kiosk that is set up toallow clients of an organization to access information relevant to them.As an example, this public kiosk may be placed in the lobby of ahospital and connected to the website through a network connection.

The logging computer 20, may operate as a sensitive information andconsent storing clearinghouse, storing records of consents provided byusers 14. The record in the logging computer 20 includes an identifierof the accounts for which consent to receive electronic delivery ofsensitive information has been granted. As has been described, it ispossible that consent may have only been granted for certain types ofinformation to be delivered electronically. All of this data, however,may be maintained in the logging computer 20.

After the additional sensitive information becomes available and must betransmitted to the user 14, it will be transmitted from the loggingcomputer 20 to the computer 16 of the user 14. This communication couldbe, for example, an e-mail transmission with an attachment sent throughthe communications network 18 along a path conceptually shown as adotted line 306 through the network 18. Because the user 14 conductsbusiness with the agency or organization and may be unaware of theseparate entity of a sender any e-mail transmission sent to the user 14may be marked as if coming from the agency or organization. Thus, anyquestions that the user 14 may have relative to the information may bedirected to the agency or organization.

As described above, specific sensitive information sent to the user mayinclude (but is not limited to) medical information such as a doctor'sreport, insurance information, security information such as a mutualfund prospectus, etc.

It should be noted that, as understood by one of ordinary skill in theart, an e-mail message is not necessarily directed to a particularcomputer. Rather, the e-mail message is directed to a specificdestination address. With the proliferation of web-based e-mailservices, the user 14 may access e-mail messages from almost anycomputer. Thus, the description of sending an e-mail message fromlogging computer 20 to the individual's computer 16 is an example wherethe user 14 accesses the e-mail account from the computer 16.

The logging computer 20, as above, stores the consent information asreceived from the user 14 through the website server 300. In addition,the logging computer 20 may store information. The information may bereceived from any one of a multitude of external databases.

Regardless of the manner in which the information and/or softwarearrives at the user's computer 16, the user 14 is prompted to consent tothe electronic delivery of additional sensitive information or toconsent to the electronic delivery of a notification of the additionalsensitive information (step 36). The user 14 then may indicate consentby, for example, using a mouse of the computer 16 to click on an OK boxdisplayed on a display of the computer 16, and the consent iscommunicated to the logging computer 20 (step 38). The logging computer20 stores the consent received from the user's computer 16 (step 40),and the additional information or notification thereof that the user 14agreed to accept electronically is sent to the user's computer 16 (step42).

The various computers, i.e., the user's computer 16 and the loggingcomputer 20, each may be a general purpose computer. Referring to FIG.2, at least the basic components of a general purpose computer 44typically include a central processor 46, a main memory unit 48 forstoring software and/or data, an input/output (I/O) controller 50, adisplay device 51, a communications device 52 such as a modem or anetwork interface card, and a data bus 54 coupling these components toallow communication therebetween. The memory 48 generally will includerandom access memory (RAM) and read only memory (ROM). The computer 44typically also has one or more input devices 56 such as a keyboard 58and a mouse 60. The computer 44 typically also has a hard drive 62 withhard disks therein and a floppy disk drive 64 for receiving floppy diskssuch as the 3.5 inch diskette 10. Other devices also may be part of thecomputer 44 including output devices 66 (e.g., printer or plotter)and/or optical disk drives for receiving and reading digital data on aCD. In the disclosed example, one or more computer programs define theoperational capabilities of the computer 44. These software programs maybe loaded onto the hard drive 62 and/or into the memory 48 of thecomputer 44 via the floppy drive 64 or the CD. The compliance datastored on the diskette 10 also may be loaded into the computer 44 viathe floppy drive 64 or CD.

In one example, at least the executable version of the software (e.g.,the micro browser) is made to reside on the hard drive 62, and it isexecuted by the individual 14 double-clicking an appropriate icon on thedisplay 51 using the mouse 60. In general, the controlling software andall of the data utilized by the software are transferred from thediskette 10 and reside on one or more of the computer's storage mediums,such as the hard drive 62.

The general purpose computer 44 may be any computer or workstation(client or server) such as a PC or PC-compatible machine, an AppleMacintosh or a Sun workstation. Furthermore the computer may be awireless or handheld device. The particular type of computer orworkstation is not central to the invention. The invention may beimplemented in a variety of ways including an all-hardware embodiment inwhich dedicated electronic circuits are designed to perform all of thefunctionality which the programmed computer can perform. One example ofthe invention is an implementation in software for execution on one ormore general purpose computers such as PCs running a version of theMicrosoft Windows operating system.

As discussed above, the sensitive information is transmitted to the user14 on a medium such as a floppy disk or CD. As also discussed above, thesensitive information is provided to the user 14 electronically but notvia a hand-delivered or mail-delivered format.

For purposes of explanation, accessing mutual fund prospectus is used asan example to illustrate one embodiment of the system. This example isnot meant to be limiting, only illustrative. The systems and methodsdescribed herein may be used to access varying types of information andto satisfy requirements of different entities. In an exemplarytransaction, the sensitive information in the form of complianceinformation is provided to a user in conjunction with a purchase of asecurity, e.g., shares in a mutual fund. Compliance information isinformation that the SEC requires investors receive in relation tocertain securities transactions. As shown in FIG. 4A, at step 400, theuser purchases the security at the broker/dealer, for example, throughthe website on a broker/dealer website server. To comply with therequirements of the SEC relative to providing a user with access to theprospectus for the mutual fund at the time of sale, the broker/dealerweb site server may offer the prospectus to the user in any of one ormore different ways.

As shown in step 402, the broker/dealer website server may indicate tothe user/investor that the prospectus is available in a hard copy(paper) format if the investor calls a phone number to request adelivery of the paper copy. Alternatively, the investor may be presentedwith a hyperlink (URL) pointing to the compliance information as storedon the logging computer 20. Further, the investor may be offered theoption to have an e-mail sent to his/her e-mail address where the e-mailmessage includes a hyperlink (URL) pointing to the prospectus. In thecase of the e-mail message, the URL may be pointing to the complianceinformation as it is stored on the logging computer 20. Finally, theinvestor may be offered the opportunity to print out a“printer-friendly” version of the prospectus.

The printer-friendly version of the prospectus is one that has beenprepared specifically for proper output on a printer. Because theviewable area of a computer display monitor is different from that of aprinted sheet, a printer-friendly version of a prospectus is one thathas been adjusted so that the information is correctly viewable on aprinted page. For example, a graphic image that is properly displayed onthe monitor may have to be rotated and printed in a landscape view on apiece of paper so that the information may be read by the investor.

To comply with SEC requirements, the broker/dealer has to assure thatthe investor is given an opportunity to access the prospectus. Similarto the paper-based delivery of a prospectus, there is no way to confirmthat the investor has actually read the prospectus or, if the investordoes read the prospectus, there is no way to confirm that the investorunderstands what he or she has read. Thus, in order to comply with theSEC rules, it is only necessary for the broker/dealer to show that theprospectus was presented to the investor in such a way that it is clearthat the investor saw that the prospectus was available and that theinvestor could access the information and the access is not utterlyburdensome.

Of course, if the investor were to call to ask for a paper copy, arecord of this may be maintained. Similarly, if the investor accessesthe compliance information on-line or requests that an e-mail be sentwith a hyperlink, this may also be recorded as evidence that theprospectus was delivered to the investor. Finally, a record may be keptindicating that the investor accessed the system to print out aprinter-friendly version of the prospectus.

After the investor has been offered access to the complianceinformation, the broker/dealer website may access the logging computer20 to determine if the investor already has consented to receivingcompliance information electronically, step 404. If the investor hasconsented, control passes to step 406 where the purchase by the investoris confirmed. Because the investor has consented to receiving complianceinformation electronically, it also is possible that the confirmation ofthe purchase may be sent electronically.

If, however, the investor has not consented to receiving complianceinformation electronically, at step 406 the investor is requested toconsent to electronically receiving additional compliance information inthe future, for example, via e-mail.

After the investor has consented, step 408, a confirmation e-mailmessage maybe sent to the investor's e-mail address. This confirmatione-mail includes a specific confirmation code relative to the investor'sconsent. A paper confirmation of the investor's consent to electronicdelivery of compliance information maybe mailed to the individual'spostal address.

The investor confirms his/her consent by responding to the e-mailconfirmation and including the confirmation code either in the subjectline of the reply e-mail message or in the body of the response. Thus,the individual investor need only reply with a copy of the confirmationof the e-mail message because the confirmation e-mail message includesthe confirmation code, step 410.

The investor's consent and evidence of the confirmation of consent arethen stored in the logging computer 20 at step 412.

In another example, represented generally by the flowchart shown in FIG.4B, the investor accesses the broker/dealer website service 300, step500. The investor maybe identified to the broker/dealer website serveras a registered user of the broker/dealer service either through thesubmission of a valid username/password pair or from cookies that havebeen left on the investor's computer 16.

A cookie is a message given to a web browser by a web server. Thebrowser may store the message in a file called cookie.txt. The messagemaybe sent back to the web server each time the browser requests a pagefrom the server. One purpose of a cookie is to identify a user of thebrowser software.

In one case, it can be assumed that the individual accessing thebroker/dealer website server is verified because of the proper entry ofthe username/password pair. In the other case, however, there is noassurance that an individual operating the computer 16 is a verifieduser. Thus, the broker/dealer website server may either ask for thepassword associated with the individual identified by the cookie orsimply ask for confirmation that the user is the person identified bythe cookie. In either case, however, a specific identity of the investoris established.

At step 502, the investor can retrieve one or more prospectuses for oneor more securities, as has been described above. A record of theinvestor's accessing of these prospectuses is made at step 504. Thisrecord is kept on the logging computer 20 because it is the system thatis actually providing the prospectuses to the investor via thebroker/dealer website server 300. The record includes an identificationof the investor as passed along from the broker/dealer website serverand includes, but is not limited to, the date, time, prospectus,prospectus version level and an identifier for the security. Thus, arecord of each prospectus accessed by the investor is maintained.

Subsequently, the investor may purchase a security, step 506. After theinvestor has purchased the security, the logging computer 20, inconjunction with the broker/dealer website server will determine, atstep 508, whether or not the investor previously retrieved theprospectus for the security that is being purchased. If the investor hasnot retrieved the prospectus, control passes to step 402, as shown inFIG. 4A, and the investor is provided with access to the prospectus incompliance with SEC rules.

Returning to step 508, if the investor previously has retrieved theprospectus for the purchased security, control passes to step 512 whereit must be determined if the prospectus the investor retrieved was themost recent version available. If there has been a change, then controlpasses to step 402. If there has been no change in the prospectus, thenat step 514, a record is made that the investor has been provided withthe prospectus in compliance with SEC rules (and the investor isnotified of this) and control then passes to step 404, as shown in FIG.4A.

The examples of FIGS. 4A and 4B depict the particular embodiment of auser obtaining compliance information for a potential investment. Moregenerally, FIG. 5 depicts a series of steps involved in obtainingconsent from a user for the delivery of non-specific sensitiveinformation. The depictions of FIGS. 4A, 4B and 5 are exemplary only andother particular embodiments are possible. Referring to FIG. 5,electronic delivery of sensitive information may begin at step 550 whena user contacts a host for electronic delivery of sensitive informationor at step 552 when an information host sends a user a query as towhether the user wishes to receive sensitive information in electronicformat. In the second step of the process 554, the host describes theelectronic delivery to the user. This step ensures that the user isaware of what is entailed in receiving sensitive informationelectronically. As described above, a URL may optionally be sent to auser in directing a user to the location of sensitive information ratherthan sending the user full electronic copies of sensitive information.

At step 556 the user decides whether or not to consent to electronicdelivery. If the user does not consent then the process ends 558. If theuser does consent to electronic delivery then the information host maysend the user a test document 560. If the user is unable to receive thetest document then the consent may not be granted 558, and the processmay begin again. If the user is able to receive the test document thenconsent may be established by 564, and further sensitive information maybe delivered electronically, 566.

If information sent by the host to the user is returned, or if there istrouble with the delivery, 568, then consent may be revoked 558 or theconsent obtaining process may revert to a prior stage in order toreaffirm the user's valid consent.

The format of the URL pointing to the sensitive information is showngenerally in FIG. 6. As shown, a URL character string 600 includes aprotocol portion 602 indicating which protocol to use. As shown, theHTTP protocol is represented although this is an example only and theinvention is not limited to this protocol. A domain name portion 604identifies either an IP address or the domain name where the resource islocated. A fictitious domain, “loggingcomputer.com,” is shown. A fileportion 606 represents the file “sensitive-info.html” that contains thesensitive information.

The URL character string 600 may be part of a transmission 700 as shownin FIG. 7. The transmission 700 may include a destination addressportion 702 representing the destination address, or e-mail address, ofthe e-mail message to which the URL string 600 is attached.

As described above, an e-mail message is sent to the user 14. The e-mailmessage includes a hyperlink (URL) pointing to the user information asit is stored on the logging computer 20. As an alternative, the e-mailmessage may be prepared as a HyperText Markup Language (HTML) documentthat would present the sensitive information to the user 14 without theuser 14 having to “click-on” or access a hyperlink. Providing the e-mailmessage as an HTML document means that the investor does not have tolaunch a web browser to read the information—the sensitive informationmay be reviewed within the e-mail program.

The HTML document may have additional hyperlinks embedded in it. Theseadditional hyperlinks (URLs) may direct the user to a web page on theweb server 300. This web page may present the user with links to evenmore information. As an example, the HTML document may be customized forthe user by providing hyperlinks to the user's personal sensitiveinformation. The HTML document may also include an embedded Javascriptprogram to notify the logging system 20 when certain documents have beenaccessed by the investor. This notification may be stored as evidence ofdelivery and access of the sensitive information by the user.

Still further, the sensitive information may be sent as an attachment tothe e-mail message. This attachment may be in any format, for example asan Adobe Acrobat file or a text file.

Certain organizations or rules may require that there be a recordmaintained that the sensitive information is delivered to the user. Withthe previous method of sending a paper copy of the sensitiveinformation, it may only need to be shown that the information wasmailed and there was no indication received back that the delivery wasunsuccessful. Such an indication may be evidenced by returned orundeliverable mail, for example. Similarly, with the electronic ore-mail transmission of sensitive information, it may only need to beshown that the e-mail message was sent to the user 14. This evidence maybe maintained on the logging computer 20. Of course, if the loggingcomputer 20 were to receive back an indication that the delivery viae-mail was unsuccessful, then a backup method of sending the sensitiveinformation (paper copy via postal delivery) may be implemented.

In an alternate embodiment, one or more of the communications channels290, 292, 294 is a wireless connection to the network 18. In addition,hand-held wireless devices such as Personal Digital Assistants (PDAs) ortelephones with micro web browsers may replace the user's computer 16 toreceive the e-mails with the URLs to the sensitive information attachedthereto. These devices may then be used to access the sensitiveinformation. Of course, the format of the information for display on ahand-held device would differ from that meant to be displayed on themonitor of a desktop or laptop computer with a larger screen. Inaddition, the keypad on a hand-held device, especially a phone, willlimit the amount and type of information that can be entered by therecipient.

One embodiment for sending sensitive information to a user after theuser has consented to electronic delivery of sensitive information isshown in FIG. 8. First the user executes a request for electronicdelivery of specific sensitive information. That request is then sent toa sensitive information clearing house. As described above the sensitiveinformation clearing house may be the entity responsible for themaintenance of the sensitive information or may be a different entityspecifically contracted for the distribution of sensitive information tousers (such as a company which contracts with financial institutions toelectronically provide compliance information to potential investors).Once the request is received by the clearing house it is determined ifthe user has consented to electronic delivery of sensitive information.If the user has not consented, the users request for sensitiveinformation is rejected and the user may be offered an opportunity toconsent to electronic delivery of sensitive information.

If the user has consented to electronic delivery of sensitiveinformation the location of the specific sensitive information requestedby the user is determined. If the specific sensitive informationrequested by the user is not located at the clearance house the usersrequest is forwarded to the controller of the specific sensitiveinformation. Once the exact location of the specifically requestedsensitive information is determined, the clearing house or controller ofthe specific sensitive information, generates a hyperlink which links tothe specifically requested sensitive information. That hyperlink is thensent to the destination address which the user has indicated in eitherthere initial request for the sensitive information or in apredetermined profile of the users requests.

As there is no way to know exactly how a user will be receiving andaccessing these e-mails, one embodiment of the present invention maysend multiple URLs for the same sensitive information. One URL will bedirected to being viewed on a standard monitor with a fully enabled webbrowser and will be labeled as such. The other may be labeled asaccessible via a hand-held device operating a micro web browser orequivalent. The latter URL may be configured to operate in conjunctionwith the hand-held device and may, for example, accept input via thekeyboard. Sending the URL in multiple formats allows the recipient toview the sensitive information from, for example, the micro web browseron the wireless phone to see if immediate action is warranted. If thematter is not urgent, the user then may access the same data uponreturning to the desktop or laptop computer via the alternate URL thatis provided. Further, the URL may point to a version of the sensitiveinformation that may be viewed on a hand-held device. Many applicationsare available to convert a document to a format that may be viewed on,e.g., a Palm device from Palm Computing or the Pocket PC fromHewlett-Packard and Casio.

The examples described above use e-mail messages to send the URLspointing to the sensitive information in a database. In yet anotherexample, instead of using e-mail, instant messaging (IM) software, oneexample of which is AOL Instant Messenger from America On Line, may beused to send the URL. With IM, one user has an indication of whetheranother user is actively on the network. If the other user is activelyon the network, a message may be sent directly to the user without usingan e-mail server or program. The transmission of the URL via the InstantMessaging operation may be integrated into the present system. Further,the consent may be established such that URLs are to be sent via IM, ifthe recipient is online, otherwise the message is sent via e-mail.

Unless specifically stated herein, it should not be assumed that anydescribed particular aspect or element of the system is essential.Further, variations, modifications, and other implementations of what isdescribed herein will occur to those of ordinary skill in the artwithout departing from the spirit and the scope of the invention asclaimed. In addition, in view of the foregoing description, one ofordinary skill in the art will understand that equivalent structures maybe available to achieve the same results as those described above.Accordingly, the spirit and scope of the following claims should not belimited to the descriptions of the examples described herein.

What is claimed is:
 1. A system of obtaining consent to electronicallysend sensitive information to a user, the method comprising: undercontrol of a server system: sending a communication to a first clientsystem, the communication comprising computer executable instructionsfor obtaining a consent response from the user for electronic deliveryof the sensitive information; receiving the consent response from thefirst client system; storing the consent response; and if the consentresponse is positive, causing the sensitive information to beelectronically delivered the user.
 2. The method as recited in claim 1,further comprising: under control of the server system: wherein thecommunication comprises a consent request form.
 3. The method as recitedin claim 2, further comprising: under control of the first clientsystem: receiving the consent request form; displaying the consentrequest form; accepting data from the user for at least one field in theconsent request form; and sending the accepted data to the serversystem.
 4. The method as recited in claim 3, further comprising: undercontrol of the server system: determining whether the data received fromthe first client system indicates consent to electronically sendsensitive information to the user; and if the received data indicatesconsent, electronically sending sensitive information to the user. 5.The method as recited in claim 4, wherein the step of electronicallysending sensitive information comprises at least one of: (i) sending afirst e-mail message to a destination address associated with the user,the first e-mail message including a URI, pointing to the sensitiveinformation; and (ii) sending a second e-mail message to the destinationaddress associated with the user, the second e-mail message includingthe sensitive information.
 6. The method as recited in claim 1, 2, 3 or4 wherein the server system and first client system communicate over acomputer network.
 7. A system for obtaining consent to electronicallysend sensitive information to a user, the system comprising: a serversystem programmed to: send a communication to the user, thecommunication comprising instructions for the user to consent toelectronic delivery of the sensitive information; receive the consentfrom the user; store the received consent; and cause the sensitiveinformation to be sent to the user.
 8. The system as recited in claim 7,wherein the communication comprises disclosure information regardingelectronic delivery of sensitive information.
 9. The system as recitedin claim 7, wherein the communication comprises a message sent over anetwork.
 10. The system as recited in claim 7, wherein the communicationcomprises a computer readable device.
 11. The system as recited in claim7, 9, or 10 wherein the communication comprises a link which the usercan follow to indicate consent.
 12. The system as recited in claim 7, 9,or 10, wherein the communication comprises a link which points to adocument containing sensitive information.
 13. The system as recited inclaim 7, 9, 10, or 11, wherein a user's ability to access sensitiveinformation is recorded.
 14. The system as recited in claim 7, wherein:the server system is further operative to: cause a consent request formto be sent to a first client system.
 15. The system as recited in claim14, wherein: the first client system is operative to: receive theconsent request form from the server system; display the consent requestform; accept data from the user for at least one field in the consentrequest form; and send the accepted data to the server system.
 16. Thesystem as recited in claim 14 or 15, wherein the server system and firstclient system communicate over a computer network.
 17. The system asrecited in claim 15, wherein: the server system is further operative to:determine whether the data received from the first client systemindicates consent to electronically send sensitive information to theuser; and if the received information indicates consent, electronicallysend sensitive information to the user.
 18. The system as recited inclaim 17, wherein the step of electronically sending sensitiveinformation comprises at least one of: sending a first e-mail message toa destination address associated with the user, the first e-mail messageincluding a URI pointing to the sensitive information; and (ii) sendinga second e-mail message to the destination address associated with theuser, the second e-mail message including the sensitive information, 19.A computer-implemented method of obtaining consent from a user on afirst computer for electronic delivery of sensitive information, thecomputer-implemented method comprising: displaying, on the firstcomputer, a consent form having at least one field to be completed withdata from the user; transmitting the data in the at least one completedfield from the first computer to a second computer; receiving, at thesecond computer, the transmitted data; and storing the received data inthe second computer, the received data being associated with the USU.20. The computer-implemented method of claim 19, wherein the consentform is an HTML document.